aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2016-11-09 21:53:57 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2016-11-14 20:10:39 +0000
commit41b10e1aa4a669b8baea6ca23fa350bff1dbc4a0 (patch)
tree66321d933b101dda32d980e319cbe90f8cf3afcf
parent1a2a03519b7258ee9c3683f43422cb53daeec81f (diff)
downloadaports-41b10e1aa4a669b8baea6ca23fa350bff1dbc4a0.tar.bz2
aports-41b10e1aa4a669b8baea6ca23fa350bff1dbc4a0.tar.xz
scripts/mkimage: automatically add pubkey from abuild
the boot repositry needs to be signed with a key. We explicitly copy this to initramfs so users don't need use --hostkeys which requires access to /etc/apk/keys/ without the key in intramfs the boot repository will be useless
-rw-r--r--scripts/mkimage.sh8
-rw-r--r--scripts/mkimg.base.sh1
2 files changed, 9 insertions, 0 deletions
diff --git a/scripts/mkimage.sh b/scripts/mkimage.sh
index 50d067fa54..806247213b 100644
--- a/scripts/mkimage.sh
+++ b/scripts/mkimage.sh
@@ -209,6 +209,14 @@ req_arch=${req_arch:-${default_arch}}
[ "$req_arch" != "all" ] || req_arch="${all_arch}"
[ "$req_profiles" != "all" ] || req_profiles="${all_profiles}"
+# get abuild pubkey used to sign the apkindex
+# we need inject this to the initramfs or we will not be able to use the
+# boot repository
+if [ -z "$_hostkeys" ]; then
+ _pub=${PACKAGER_PRIVKEY:+${PACKAGER_PRIVKEY}.pub}
+ _abuild_pubkey="${PACKAGER_PUBKEY:-$_pub}"
+fi
+
# create images
for ARCH in $req_arch; do
APKROOT="$WORKDIR/apkroot-$ARCH"
diff --git a/scripts/mkimg.base.sh b/scripts/mkimg.base.sh
index db2a3b2818..354d174010 100644
--- a/scripts/mkimg.base.sh
+++ b/scripts/mkimg.base.sh
@@ -4,6 +4,7 @@ build_kernel() {
local _pkgs="$@"
update-kernel \
$_hostkeys \
+ ${_abuild_pubkey:+--apk-pubkey $_abuild_pubkey} \
--media \
--flavor "$_flavor" \
--arch "$ARCH" \